Update data handling section in SECURITY.md

RubenHalman · web-flow · commit e71689e135c3 · 2025-10-30T19:10:49.000+01:00
Clarified language regarding data handling and user control over scan results.
diff --git a/SECURITY.md b/SECURITY.md
@@ -12,9 +12,11 @@ If you discover a security vulnerability, please report it using [GitHub vulnera
 
 ## Data Handling
 
-This project collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
+This tool collects zero user data. No credentials, PII, payment info, health data, or user content is ever stored, transmitted, or shared. All analysis runs 100% client-side with no network calls to external services.
 
-**Note:** We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
+We temporarily use metadata (e.g., Flow metadata, timestamps) in-memory only for real-time functionality during your session. This data is never stored, logged, or transmitted and is discarded immediately when the session ends.
+
+**Note:** You may manually save scan results (e.g., reports, CSV, JSON) to your local filesystem. These files are created at your request and remain **under your full control. The tool does not access, upload, or retain them.
 
 ## Dependencies
 
